SPDX Courses and Certifications

Building, Signing, and Distributing SPDX SBOMs as Artifact Reference Type

Explore SPDX SBOMs as artifact reference types, covering supply chain challenges, registries, and OCI artifact principles for enhanced software security and transparency.

• YouTube
• 29 minutes
• On-Demand
• Free Video

Application of the Upcoming SPDX Safety Profile

Explore the SPDX Safety Profile for managing safety-critical projects, enhancing traceability, and maintaining documentation consistency across various tools and lifecycles.

• YouTube
• 26 minutes
• On-Demand
• Free Video

SBOM Implementation Reality: From Crawl to Walk - SPDX Lite Profile for the First Step

Discover how to create Software Bill of Materials (SBOMs) efficiently using SPDX Lite profile, featuring practical JSON examples and implementation strategies for meeting regulatory requirements in software supply chains.

• YouTube
• 37 minutes
• On-Demand
• Free Video

Implementing an AI BOM With SPDX 3.0 - Insights From a Real AI4S Project

Discover how to implement an AI Bill of Materials using SPDX 3.0 to track data provenance, models, and compliance in GenAI pipelines through real-world project insights.

• YouTube
• 30 minutes
• On-Demand
• Free Video

Linux Plumbers Conference

KernelSBOM - Reconstructing Linux Kernel Builds into Trusted SPDX Bills of Materials

Discover how to reconstruct Linux kernel builds into trusted SPDX bills of materials using KernelSBOM tool for enhanced supply chain security and compliance tracking.

• YouTube
• 34 minutes
• On-Demand
• Free Video

BASIL - What's New, What's Next

Discover BASIL, an open source tool for requirements traceability in collaborative environments, covering new features like SPDX export, test imports, and upcoming developments.

• YouTube
• 42 minutes
• On-Demand
• Free Video

Zero-Touch SBOM Generation - Secure Your Build From the Inside Out

Discover how to automate SBOM generation in CI/CD pipelines using open-source tools for seamless compliance, dependency scanning, and license detection without slowing development.

• YouTube
• 18 minutes
• On-Demand
• Free Video

SPDX 3.0 Overview - Introduction to Software Package Data Exchange

Explore the latest updates and enhancements in SPDX 3.0, the open standard for software bill of materials, and learn how it improves software supply chain transparency and security.

• YouTube
• 22 minutes
• On-Demand
• Free Video

SW360 SBOM - Managing Vulnerability Information, SPDX Documents and Dependency Networks

Explore SW360's features for managing software components, including vulnerability tracking, SPDX document handling, and dependency network visualization for enhanced license compliance and security.

• YouTube
• 36 minutes
• On-Demand
• Free Video

Generating a SPDX SBOM for Your Code in CI Using ORT

Learn to generate SPDX Software Bill of Materials (SBOM) for your code in continuous integration using the OSS Review Toolkit (ORT), enhancing software transparency and security.

• YouTube
• 28 minutes
• On-Demand
• Free Video

SPDX Generation via Yocto and the New LID Code License Scanner

Explore SPDX generation in Yocto using LiD, a new open-source code scanner. Learn about its advantages, integration, and best practices for license compliance in bitbake recipes.

• YouTube
• 46 minutes
• On-Demand
• Free Video

Yocto Project

Generating SPDX Software Bill of Materials with Yocto Project

Generate SPDX Software Bill of Materials with Yocto Project. Learn practical details, usage of "create-spdx" class, and control variables for customized SPDX output.

• YouTube
• 15 minutes
• On-Demand
• Free Video

Yocto Project

Unlocking Software Bill of Materials with Yocto and SPDX 3

Discover how to generate detailed Software Bill of Materials (SBoMs) using Yocto Project and SPDX 3, exploring key features, implementation methods, and practical applications for software development.

• YouTube
• 31 minutes
• On-Demand
• Free Video

Strengthening Software Supply Chains - Harmonizing SLSA Provenance and SPDX SBOM for Better Adoption

Explore how SLSA provenance and SPDX SBOM frameworks can work together to strengthen software supply chain security through better interoperability and reduced duplication.

• YouTube
• 40 minutes
• On-Demand
• Free Video

Practical SBOM Management with Zephyr and SPDX

Learn to identify, assess, and manage software components in Zephyr applications using SBOM standards and tools. Enhance security practices and respond effectively to vulnerabilities in embedded systems.

• YouTube
• 42 minutes
• On-Demand
• Free Video